Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.9.53 2015-05-26T02:55:37Z 2015-05-26T02:55:37Z Eric Dumazet edumazet@google.com 2015-05-26T01:55:48Z urn:sha1:68319052d10d18462fbfd5571a5062cb7ec50788 make C=2 CF=-D__CHECK_ENDIAN__ net/core/secure_seq.o net/core/secure_seq.c:157:50: warning: restricted __be32 degrades to integer Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-08-23T02:57:23Z Eric Dumazet edumazet@google.com 2014-08-23T01:32:09Z urn:sha1:d2de875c6d4cbec8a99c880160181a3ed5b9992e ktime_get_ns() replaces ktime_to_ns(ktime_get()) ktime_get_real_ns() replaces ktime_to_ns(ktime_get_real()) Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-06-02T18:00:41Z Eric Dumazet edumazet@google.com 2014-06-02T12:26:03Z urn:sha1:73f156a6e8c1074ac6327e0abd1169e95eb66463 Ideally, we would need to generate IP ID using a per destination IP generator. linux kernels used inet_peer cache for this purpose, but this had a huge cost on servers disabling MTU discovery. 1) each inet_peer struct consumes 192 bytes 2) inetpeer cache uses a binary tree of inet_peer structs, with a nominal size of ~66000 elements under load. 3) lookups in this tree are hitting a lot of cache lines, as tree depth is about 20. 4) If server deals with many tcp flows, we have a high probability of not finding the inet_peer, allocating a fresh one, inserting it in the tree with same initial ip_id_count, (cf secure_ip_id()) 5) We garbage collect inet_peer aggressively. IP ID generation do not have to be 'perfect' Goal is trying to avoid duplicates in a short period of time, so that reassembly units have a chance to complete reassembly of fragments belonging to one message before receiving other fragments with a recycled ID. We simply use an array of generators, and a Jenkin hash using the dst IP as a key. ipv6_select_ident() is put back into net/ipv6/ip6_output.c where it belongs (it is only used from this file) secure_ip_id() and secure_ipv6_id() no longer are needed. Rename ip_select_ident_more() to ip_select_ident_segs() to avoid unnecessary decrement/increment of the number of segments. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-10-23T20:49:34Z David S. Miller davem@davemloft.net 2013-10-23T20:28:39Z urn:sha1:c3fa32b9764dc45dcf8a2231b1c110abc4a63e0b Conflicts: drivers/net/usb/qmi_wwan.c include/net/dst.h Trivial merge conflicts, both were overlapping changes. Signed-off-by: David S. Miller <davem@davemloft.net> 2013-10-23T20:26:46Z Hannes Frederic Sowa hannes@stressinduktion.org 2013-10-23T06:44:50Z urn:sha1:34d92d5315b64a3e5292b7e9511c1bb617227fb6 Currently net_secret_init does not get inlined, so we always have a call to net_secret_init even in the fast path. Let's specify net_secret_init as __always_inline so we have the nop in the fast-path without the call to net_secret_init and the unlikely path at the epilogue of the function. jump_labels handle the inlining correctly. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-10-19T23:45:36Z Hannes Frederic Sowa hannes@stressinduktion.org 2013-10-19T19:48:59Z urn:sha1:e34c9a69970d8664a36b46e6445a7cc879111cfd Cc: Eric Dumazet <edumazet@google.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-10-09T16:59:57Z Fabio Estevam fabio.estevam@freescale.com 2013-10-05T20:56:59Z urn:sha1:cb03db9d0e964568407fb08ea46cc2b6b7f67587 net_secret() is only used when CONFIG_IPV6 or CONFIG_INET are selected. Building a defconfig with both of these symbols unselected (Using the ARM at91sam9rl_defconfig, for example) leads to the following build warning: $ make at91sam9rl_defconfig # # configuration written to .config # $ make net/core/secure_seq.o scripts/kconfig/conf --silentoldconfig Kconfig CHK include/config/kernel.release CHK include/generated/uapi/linux/version.h CHK include/generated/utsrelease.h make[1]: `include/generated/mach-types.h' is up to date. CALL scripts/checksyscalls.sh CC net/core/secure_seq.o net/core/secure_seq.c:17:13: warning: 'net_secret_init' defined but not used [-Wunused-function] Fix this warning by protecting the definition of net_secret() with these symbols. Reported-by: Olof Johansson <olof@lixom.net> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-09-28T22:19:40Z Eric Dumazet edumazet@google.com 2013-09-24T13:19:57Z urn:sha1:9a3bab6b05383f1e4c3716b3615500c51285959e A host might need net_secret[] and never open a single socket. Problem added in commit aebda156a570782 ("net: defer net_secret[] initialization") Based on prior patch from Hannes Frederic Sowa. Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Hannes Frederic Sowa <hannes@strressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-04-29T19:14:02Z Eric Dumazet edumazet@google.com 2013-04-29T05:58:52Z urn:sha1:aebda156a570782a86fc4426842152237a19427d Instead of feeding net_secret[] at boot time, defer the init at the point first socket is created. This permits some platforms to use better entropy sources than the ones available at boot time. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-08-30T01:00:17Z Patrick McHardy kaber@trash.net 2012-08-26T17:14:12Z urn:sha1:58a317f1061c894d2344c0b6a18ab4a64b69b815 Signed-off-by: Patrick McHardy <kaber@trash.net>